From a39f69b9bdae00cab5d28c1ece34c90d94a7fbd9 Mon Sep 17 00:00:00 2001 From: Darkvater Date: Wed, 5 Apr 2006 20:11:01 +0000 Subject: [PATCH] (svn r4291) - Fix: validate all received strings for correctness. This fixes potential crashes on invalid clients/servers (thanks test for bringing this to our attention) --- network_data.c | 3 +++ network_udp.c | 3 --- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/network_data.c b/network_data.c index ffb4bdddc0..977e084475 100644 --- a/network_data.c +++ b/network_data.c @@ -273,6 +273,7 @@ uint64 NetworkRecv_uint64(NetworkClientState *cs, Packet *packet) void NetworkRecv_string(NetworkClientState *cs, Packet *p, char* buffer, size_t size) { int pos; + char *bufp = buffer; /* Don't allow reading from a closed socket */ if (cs->quited) @@ -289,6 +290,8 @@ void NetworkRecv_string(NetworkClientState *cs, Packet *p, char* buffer, size_t ++pos; } p->pos = pos; + + str_validate(bufp); } // If PacketSize changes of size, you have to change the 2 packet->size diff --git a/network_udp.c b/network_udp.c index 06b5b83dea..7fed91b10f 100644 --- a/network_udp.c +++ b/network_udp.c @@ -134,9 +134,6 @@ DEF_UDP_RECEIVE_COMMAND(PACKET_UDP_SERVER_RESPONSE) item->info.map_set = NetworkRecv_uint8(&_udp_cs, p); item->info.dedicated = NetworkRecv_uint8(&_udp_cs, p); - str_validate(item->info.server_name); - str_validate(item->info.server_revision); - str_validate(item->info.map_name); if (item->info.server_lang >= NETWORK_NUM_LANGUAGES) item->info.server_lang = 0; if (item->info.map_set >= NUM_LANDSCAPE ) item->info.map_set = 0;